[Followup] [Fixed] Re: Responding to relayed DHCP requests

2002-01-30 Thread Rens Houben

Looks like the problem was clientside -- the relayer wasn't on the
shared subnet so dhcpd ignored the requests. Changing the sender IP
fixed it.

Thanks anyway. :)

-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc  -- new Dec
12 2001





Re: Responding to relayed DHCP requests

2002-01-30 Thread Rens Houben

As an addendum, DHCP version is 2.0pl5-7.
 
-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc  -- new Dec
12 2001





Responding to relayed DHCP requests

2002-01-30 Thread Rens Houben

Hello,

I've got a router running woody and a 2.4.17 kernel that has to respond
to DHCP requests it gets relayed from another router on the same subnet.
I've configured everything (as far as I can tell) according to the
readmes, and the server is running. It's just not responding to relayed
queries, without even logging any errors.

Does anyone have any suggestions? I've tried everything I can think of,
which probably means there's some small detail that's totally obvious
that I've overlooked and will keep overlooking until someone points me
at it.

I've attached the config file and part of a tcpdump output below; IP
addresses were edited for security reasons.

The situation: 
'server' is the actual dhcp server with three network cards. eth0
connects to 192.168.10.0 with netmask 255.255.255.252, and 
traffic to 192.168.11.0 and 192.168.12.0 is routed via 192.168.10.1
eth1 connects to 10.10.20.1 and through that to the outside world. eth2
connects to the backup server which has to take over if this one fails.

'relay' is at 192.168.11.1 and sends relay queries to 'server' at
192.168.10.2. These come in over eth0.

Thanks in advance,

-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc  -- new Dec
12 2001


10:46:32.010762 relay.67 > server.67:  (request) hops:1 xid:0xcc79ab27 secs:13888 flags:0x8000 G:relay ether 0:b0:d0:ba:37:e0 [|bootp]
10:47:13.144034 relay.67 > relay.67:  (request) hops:1 xid:0xf57815e flags:0x8000 G:relay ether 0:b0:d0:ba:37:e0 [|bootp]
10:47:17.143915 relay.67 > relay.67:  (request) hops:1 xid:0xf57815e secs:61759 flags:0x8000 G:relay ether 0:b0:d0:ba:37:e0 [|bootp]
10:47:24.145627 relay.67 > relay.67:  (request) hops:1 xid:0xf57815e secs:61759 flags:0x8000 G:relay ether 0:b0:d0:ba:37:e0 [|bootp]
10:47:40.146222 relay.67 > relay.67:  (request) hops:1 xid:0xf57815e secs:61759 flags:0x8000 G:relay ether 0:b0:d0:ba:37:e0 [|bootp]


option routers server;
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "dhcp.mycompany.com";
option domain-name-servers server;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.10.0 netmask 255.255.255.252 {
    not authoritative;
}

subnet 10.10.20.1 netmask 255.255.255.252 {
    not authoritative;
}

subnet 192.168.10.8 netmask 255.255.255.248 {
    not authoritative;
}


shared-network dhcp-pool1 {
    subnet 192.168.12.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.255;
        option routers 192.168.12.1;
        range 192.168.12.2 192.168.12.254;
        allow bootp;
    }
}



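The diagnosis in the follow-up (the relay address was not on a declared subnet, so dhcpd ignored the requests) can be checked against the posted configuration. The sketch below is an added example, not part of the original post and not dhcpd's own code: it is a simplified model of matching a relayed request's giaddr against the `subnet` declarations, and the function names and the 192.168.12.1 relay address are assumptions for illustration.

```python
import ipaddress
import re

# Subnet declarations copied from the dhcpd.conf posted above (options trimmed).
DHCPD_CONF = """
subnet 192.168.10.0 netmask 255.255.255.252 { not authoritative; }
subnet 10.10.20.1 netmask 255.255.255.252 { not authoritative; }
subnet 192.168.10.8 netmask 255.255.255.248 { not authoritative; }
shared-network dhcp-pool1 {
  subnet 192.168.12.0 netmask 255.255.255.0 {
    range 192.168.12.2 192.168.12.254;
  }
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")

def parse_subnets(conf):
    """Return (network, has_range, misaligned) for every subnet block."""
    out = []
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        # misaligned: the declared address is a host address, not the network
        misaligned = str(net.network_address) != addr
        out.append((net, "range" in body, misaligned))
    return out

def select_subnet(conf, giaddr, iface_addr):
    """Simplified model: a relayed packet is matched on giaddr, a direct
    broadcast (giaddr 0.0.0.0) on the receiving interface's address."""
    key = ipaddress.ip_address(giaddr)
    if key == ipaddress.ip_address("0.0.0.0"):
        key = ipaddress.ip_address(iface_addr)
    for net, has_range, _ in parse_subnets(conf):
        if key in net:
            return str(net), has_range
    return None  # no declaration covers the relay address: request is dropped

if __name__ == "__main__":
    # 192.168.11.1 is the relay from the post; 192.168.12.1 is an assumed
    # relay address inside the pool subnet, used only for comparison.
    for giaddr in ("192.168.11.1", "192.168.12.1", "0.0.0.0"):
        print(giaddr, "->", select_subnet(DHCPD_CONF, giaddr, "192.168.10.2"))
    print("misaligned:", [str(n) for n, _, bad in parse_subnets(DHCPD_CONF) if bad])
```

A `None` result for 192.168.11.1 matches the behaviour reported in the thread; a match without a `range` means the subnet is known but has no addresses to lease.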


Traffic shaping and traffic accounting on one box

2001-12-05 Thread Rens Houben

Hello all,

About a year ago I set up a traffic shaping router using debian and
cbq.init to allocate measured bandwidth for a group of clients, and used
ipac to measure the actual traffic. After a month or two, I found out
that the reports generated by ipacsum were grossly inaccurate (up to 6
times as much traffic was reported as existed). As I was unable to find
the error, I simply set up a different accounting package (trafstats) on
another system, which works fine.

I'm now being asked, however, to put trafstats and cbq on one box, and
I've reached the tentative hypothesis that the original problem was not
due to a bug in ipac, but because traffic *shaping* occurs at the point
where packets exit the computer, while traffic *accounting* occurs at
the point where packets arrive at the computer -- so trafstats will
suffer the same problem.

My gut instinct says I'm right, but can anyone here think of an obvious
reason why this might be wrong? 

Cheers,
Shad.
-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc



Re: Help... SSH CRC-32 compensation attack detector vulnerability

2001-12-03 Thread Rens Houben

On Mon, 2001-12-03 at 02:38, Jacob Kuntz wrote:

> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command. 
You mean it doesn't? I could have sworn... (alternately: apt-get clean;
apt-get --download-only install $package; dpkg -i
/var/cache/apt/archives/package.deb)

> -- 
> Jacob Kuntz
> http://www.lucidpark.net/

-- 
Rens Houben   |opinions are mine
Resident linux guru and sysadmin  | if my employers have one
Systemec Internet Services.   |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc

